US7673331B2ActiveUtilityA1

Server certificate issuing system

82
Assignee: GLOBALSIGN KKPriority: Oct 5, 2007Filed: Aug 7, 2008Granted: Mar 2, 2010
Est. expiryOct 5, 2027(~1.2 yrs left)· nominal 20-yr term from priority
H04L 63/062H04L 63/0823H04L 9/3263
82
PatentIndex Score
23
Cited by
22
References
12
Claims

Abstract

A server certificate issuing system confirms existence of a Web server for which a certificate is to be issued. The web server includes means for generating an entry screen to input application matters for an issuance of a server certificate, means for generating a key pair a public key and a private key, means for generating a certificate signing request file (CSR) containing the generated public key, and means for generating a verification page indicating intention of requesting the issuance of the certificate. A registration server retrieves the CSR from a received server certificate request and accesses the Web server to read the verification information, and compares the read verification information with the CSR. If the verification information read from the Web server is identical to the CSR, it is determined that the Web server for which the server certificate is to be issued exists.

Claims

exact text as granted — not AI-modified
1. A server certificate issuing system comprising a registration server provided in a registration authority to receive a server certificate request transmitted from a Web server via a network and to transmit a certificate signing request file (CSR) which is included in said server certificate request to an issuing authority after performing a predetermined examination, and a certificate issuing server provided in the issuing authority to receive the CSR transmitted from the registration server, to generate a server certificate with a digital signature, and to transmit the generated server certificate to said registration server, wherein
 said Web server comprises 
 means for generating an entry screen to input application information, 
 means for generating a key pair of a public key and a private key, 
 means for generating the CSR containing the generated public key, 
 verification page generating means for generating a verification page to indicate intention of requesting an issuance of the server certificate and storing verification information in said verification page, 
 means for generating the server certificate request containing an application information including at least the generated CSR and the address information of said Web server, and 
 means for transmitting the generated server certificate request to the registration server provided in the registration authority, and 
 said registration server comprises 
 means for receiving the server certificate request transmitted from said Web server, 
 verification information reading means for accessing the verification page of the Web server based on the address information contained in the received server certificate request to read out the verification information indicated on the verification page, 
 verification means for comparing the read verification information with the information contained in the server certificate request, and 
 means for transmitting the CSR contained in the received server certificate request to the certificate issuing server, 
 means for receiving the server certificate transmitted from the certificate issuing server, 
 download means for downloading the server certificate to the Web server, and wherein said registration server transmits the CSR contained in said server certificate request to the certificate issuing server only when said verification means has judged that the verification page has been generated, as the result of the verification. 
 
   
   
     2. The server certificate issuing system according to  claim 1 , wherein
 said verification page generating means of said Web server performs an encryption operation for a part of the information contained in the server certificate request using a predetermined encrypting arithmetic expression and displays the obtained encrypted data as the verification information on the verification page, and 
 
     said verification means of the registration server performs an encryption operation for a part of the information contained in the received server certificate request using said predetermined encrypting arithmetic expression to verify whether the verification page has been generated or not by comparing the generated encrypted data with the verification information read out from the verification page. 
   
   
     3. The server certificate issuing system according to  claim 1 , wherein an IP address or FQDN of said Web server or URL information of the verification page are used as the address information of the Web server contained in said server certificate request. 
   
   
     4. The server certificate issuing system according to  claim 3 , wherein said registration server accesses the URL of the verification page contained in the server certificate request to read out the verification information. 
   
   
     5. The server certificate issuing system according to  claim 3 , wherein
 said registration server has means for generating the URL of the verification page using the FQDN or the IP address of the Web server and the title of the verification page contained in the server certificate request to access the verification page of the Web server identified by the generated URL in order to read out the verification information. 
 
   
   
     6. The server certificate issuing system according to  claim 1 , wherein
 said Web server has a control panel to mainly configure and manage the Web and email of said Web server, and wherein 
 the means for generating the entry screen to input the application information, the means for generating the key pair, the means for generating the CSR, the means for generating the verification page, and the means for generating the server certificate request are loaded on said control panel. 
 
   
   
     7. The server certificate issuing system according to  claim 1 , wherein
 said Web server has status inquiry means for inquiring of the registration server as to the issuance status of the certificate, and performs the status inquiry periodically using an assigned application ID as a key. 
 
   
   
     8. The server certificate issuing system according to  claim 7 , wherein said registration server further comprises
 means for storing the received server certificate in a download area, 
 means for responding to the status inquiry transmitted from said Web server, and and 
 when said registration server receives the status inquiry from the Web server, said registration server confirms whether a corresponding server certificate is stored in the download area or not, and if the server certificate is stored, as a response to said status inquiry, the server certificate stored in the download area is downloaded to the Web server, 
 and wherein 
 the processes from the application for issuance of the server certificate to the downloading of the issued server certificate to the Web server are automatically executed in series. 
 
   
   
     9. The server certificate issuing system according to  claim 1 , wherein an administrator of the Web server accesses the Web server managed by him/her via a terminal and a network, calls the entry screen to input the application information of the server certificate and inputs required application details into the entry screen. 
   
   
     10. The server certificate issuing system according to  claim 1 , wherein said registration server further comprises means for obtaining an IP address corresponding to a domain name of said Web server by directly accessing a primary domain name server (DNS) which manages a database storing a relationship between the domain names and the IP addresses, and means for comparing the obtained IP address with an IP address of the verification page, wherein if both the IP addresses are not identical to each other, the server certificate request is processed to be an error. 
   
   
     11. A server certificate issuing system comprising a registration server provided in a registration authority to receive a server certificate request transmitted from a Web server via a network and to transmit a certificate signing request file (CSR) which is included in said server certificate request to an issuing authority after performing a predetermined examination, and a certificate issuing server provided in the issuing authority to receive the CSR transmitted from the registration server, to generate a server certificate with a digital signature, and to transmit the generated server certificate to said registration server, wherein
 said Web server comprises 
 means for generating an entry screen to input application information, 
 means for generating a key pair of a public key and a private key, 
 means for generating the CSR containing the generated public key, 
 verification page generating means for generating a verification page to indicate intention of requesting an issuance of the server certificate and storing verification information in said verification page, 
 means for generating the server certificate request containing an application information including at least the generated CSR and the address information of said Web server, and 
 means for transmitting the generated server certificate request to the registration server provided in the registration authority, and 
 said registration server comprises 
 means for receiving the server certificate request transmitted from said Web server, 
 verification information reading means for accessing the verification page of the Web server based on the address information contained in the received server certificate request to read out the verification information indicated on the verification page, 
 verification means for comparing the read verification information with the information contained in the server certificate request, and 
 means for transmitting the CSR contained in the received server certificate request to the certificate issuing server, 
 means for receiving the server certificate transmitted from the certificate issuing server, 
 download means for downloading the server certificate to the Web server, and wherein 
 said registration server transmits the CSR contained in said server certificate request to the certificate issuing server only when said verification means has judged that the verification page has been generated, as the result of the verification; wherein 
 the CSR contained in server certificate request is used as said verification information, 
 the verification page generating means of said Web server displays the generated CSR on the verification page, and 
 said verification means of the registration server verifies whether the verification page has been generated or not by comparing the verification information read out from the verification page with the CSR contained in the server certificate request. 
 
   
   
     12. A server certificate issuing system comprising a registration server provided in a registration authority to receive a server certificate request transmitted from a Web server via a network and to transmit a certificate signing request file (CSR) which is included in said server certificate request to an issuing authority after performing a predetermined examination, and a certificate issuing server provided in the issuing authority to receive the CSR transmitted from the registration server, to generate a server certificate with a digital signature, and to transmit the generated server certificate to said registration server, wherein
 said Web server comprises 
 means for generating an entry screen to input application information, 
 means for generating a key pair of a public key and a private key, 
 means for generating the CSR containing the generated public key, 
 verification page generating means for generating a verification page to indicate intention of requesting an issuance of the server certificate and storing verification information in said verification page, 
 means for generating the server certificate request containing an application information including at least the generated CSR and the address information of said Web server, and 
 means for transmitting the generated server certificate request to the registration server provided in the registration authority, and 
 said registration server comprises 
 means for receiving the server certificate request transmitted from said Web server, 
 verification information reading means for accessing the verification page of the Web server based on the address information contained in the received server certificate request to read out the verification information indicated on the verification page, 
 verification means for comparing the read verification information with the information contained in the server certificate request, and 
 means for transmitting the CSR contained in the received server certificate request to the certificate issuing server, 
 means for receiving the server certificate transmitted from the certificate issuing server, 
 download means for downloading the server certificate to the Web server, and wherein 
 said registration server transmits the CSR contained in said server certificate request to the certificate issuing server only when said verification means has judged that the verification page has been generated, as the result of the verification wherein 
 said verification page generating means of said Web server performs an encryption operation for a part of the information contained in the server certificate request using a predetermined encrypting arithmetic expression and displays the obtained encrypted data as the verification information on the verification page, and 
 said verification means of the registration server performs an encryption operation for a part of the information contained in the received server certificate request using said predetermined encrypting arithmetic expression to verify whether the verification page has been generated or not by comparing the generated encrypted data with the verification information read out from the verification page; wherein 
 the verification page generating means of the Web server performs an encryption operation using the public key of the generated key pair, and displays the generated encrypted data as the verification information on the verification page, and 
 said verification means of the registration server performs an encryption operation using the public key contained in the CSR, and compares the generated encrypted data with the verification information read out from the verification page.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.